Systemd tweets up a storm! Mintbox goes Pro, dnf crashes X, and project Mortar resurrects Flash, kinda. Then we have a slice of two-factor Pi.

Subscribe: Linux Weekly Daily Wednesday


Notes:
Colour key – Venn Pedro Mathieu Jordan

News

PSA
https://lists.fedoraproject.org/archives/list/[email protected]

  • XFCE master race!
  • Users began reporting “duplicated packages” and “kernel updates not working” error messages after running the update.
  • I have broken the Fedora package manager in strange and unusual ways in the past, sometimes I haven’t managed to recover the system at all.
    • Part of the Fedora learning experience.
  • On the other hand I have always managed to fix Debian based systems no matter how messed up the package manager was.
  • This Fedora thread is weird, they seem to be less focused on fixing the X crash and more focused on warning users against running dnf in a desktop environment.
  • This must be a fairly recent thing.  I’ve run a DNF update on both Mate and XFCE within the past two weeks and have not run into any issues

 

Buggy Crap
http://www.theregister.co.uk/2016/10/05/linus_torvalds_admits_buggy_crap_made_it_into_linux_48/

  • Nice to know this will get patched before 4.8 hits any major distro.
  • The bug seems to reside in swap.h so do like I do, don’t use swap!
    • He seems grumpy about this not receiving proper testing.
    • Do they still makes 4GB DIMMs?
    • Remember kids! If Stryder does something, do the opposite.
  • I still like how the article provides the download link to the kernel after this entire rant
  • Bad use of the BUG_ON method, which can kill the kernel as opposed to spitting out warnings.

 

Hashtag SystemNope (from Mir)
https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet
https://www.scrye.com/wordpress/nirik/2016/10/01/how-to-reignite-a-flamewar-in-one-tweet-and-i-still-dont-get-it/

  • As much as I’d love to smack systemD into the ground again, this was blown out of proportion.
  • It’s like we’re on the internet or something.
  • And whole crashing it in one tweet is also not accurate.
  • You’re not tweeting at SystemD, you’re sending it an empty notification request.
  • And even then, sometimes you need to infinitely loop it before it causes anything.
  • And for what? DDoS’ing a box locally. That’s it, that’s all you can do.
  • Oh, but you can’t cleanly reboot.”
  • Since Journaled filesystems were invented, a good old power flush works wonders.
  • And the guy who wrote that blog post at the same time he reported the bug, he can go rub himself raw on a rusted tin roof.
  • So much for responsible disclosure.
  • This is indeed receiving a lot of attention just because it’s systemd
  • Like Kevin mentioned in his blog post bind, the DNS service had a similar local DDOS vulnerability a few days ago and no one cared.
  • The bug is hard to reproduce, does not do a whole lot of damage and has been fixed. Move on, there is nothing to see there.
  • the only job of PID 1 is to execute the real init system and reap zombies”
    • FSM damn I love Linux.
  • Sooo don’t shove the kitchen sink into PID1?


3.22 The future is now
https://www.gnome.org/news/2016/09/gnome-3-22-released-the-future-is-now/
https://help.gnome.org/misc/release-notes/3.22/

  • Flatpak, the next generation application framework for Linux”
      • Oh yes, let’s integrate yet another package manager.   
  • New photo sharing thingies and enhanced support for the Wayland.
  • The bulk file renamer is nice, I won’t have to write scripts to rename stuff anymore.
  • This *might* land in Ubuntu 17.04 but that depends on how fast Debian is to bring it to testing.


5.8 LTS
https://www.kde.org/announcements/plasma-5.8.0.php
https://www.kde.org/announcements/plasma-5.7.5-5.8.0-changelog.php

  • It’s no longer in beta, in fact, it should be arriving at major distros in a matter of days.
  • And by major distro, he means Suse Tumbleweed, Arch and Debian Sid. Other will have to wait a bit.
  • I want that phone integration so bad. I wonder if I can make that work in Gnome.
  • Cover your desktop in useful widgets”
    • If you go over to someone’s house and their Desktop is covered in widgets… run.
  • It’s been a long time since i’ve used the KDE and after reading this it looks like the focus is on being pretty.

 

Will it blend?
https://www.blender.org/features/2-78/

  • Optimizations on the cycles engine
  • Support for VR rendering
  • Better rendering in the viewport
  • New freehand curve tool with pressure support
  • Grease pencil for 2D drawing
  • Bunch of other features, very solid release. If you use Blender, you’ll want to update asap
  • Don’t put animated gifs on your homepage.
  • Added support for NVIDIA 10x and improved support for the 980Ti and Titan.
  • Updates like this makes me wish I had stuck /w learning the Blender back in the 90’s.
    • Not necessarily, I started toying with Blender last year and it seems to be much easier to pick up today than it was a few years ago.

 

Boom goes the Flash
https://groups.google.com/forum/#!msg/mozilla.dev
https://wiki.mozilla.org/Mortar_Project

  • You wanna replace the broken piece of bullcrap that is the Firefox PDF reader? Be my guest.
    • After that exploit which targeted it and went straight for the .ssh folders, I have no sympathy left for it.
  • But don’t bring in embedded Flash support.
  • Adobe themselves want Flash to die and people like Google just won’t let it.
  • Adobe did release an update for the NPAPI Flash a few weeks ago.
  • I don’t think Mozilla’s goal is to bring a full implementation of Flash into their browser like Chrome does (because it would require some proprietary code to begin with)
  • But it will have a more basic implementation of Flash, similar to what Gnash does, in order for some libraries (PDFium in this case) to work.
  • If they do make the switch to the Pepper API, they it will probably be possible to use the Flash plugin from Chrome in a less hackish way than what is required today.
    • Ummm…how about we just stop using flash.
  • We’re renaming this Mordor, anyone have a problem with that?
  • Wait, Foxfire cocks up PDFs?
    • Not really?  Aside from the exploit that Pedro mentioned.   But PDF based exploits have been around since PDFs were invented

 

Talking Electrons
https://wire.com/privacy/

  • I’m’ willing to try anything at this point.
  • I’m not willing to try something from people who won’t bother releasing a proper Linux client.
    • You would be okay with an electron app?
    • It seems to be an Electron app to begin with, even on Windows and OSX
    • It also works directly from their webzone.
  • Apparently you can still build it for Linux but it’s “experimental” and “unsupported”
  • Because who cares about Linux anyway?
  • Remember that Tox was already doing this 2 years ago and you also got Ring that seems to be stable-ish.
  • What the gosh darn heck is their business plan?

 

MintBox
http://blog.linuxmint.com/?p=3095

  • I wonder what kind of business deal Mint did with the manufacturer of these boxes, because I can’t imagine their previous hardware deals were all that profitable.
  • Quite a bold move to release a Linux box with Radeon graphics, but, hey, at least it’s open source!
    • Cheap, the word you are looking for is cheap.
  • Was there ever really that much demand for mintboxes in the first place?   Intel NUCs seem like a better deal

 

Win16.04
http://www.omgubuntu.co.uk/2016/10/windows-10-linux-subsystem-ubuntu-16-04

  • Would try this but my laptop with my copy of Windows connected to my Windows Insider account is under heavy repair.
  • They have switched to 16.04, like everyone should have done long ago, EVERYONE.
    • Again, this is something Frenchy likes and Microsoft recommends.
    • …think about that.
  • SystemD on windows.    Let the jokes begin

Slice of Pi

PixelPi
https://www.raspberrypi.org/blog/introducing-pixel/

  • I like when people give attention to visual details on the desktop and that’s what PIXEL is about.
  • Providing Infinality font rendering is a nice move, especially when you know how few distros get font rendering right.
  • Not sure I like the icon theme though. Looks a bit dated and childish. (But yes, the Pi is partly targeted at children so it kinda makes sense)
  • Chromium for the Pi, finally!
    • They even included uBlock?
    • Oh the poor 2GB of ram on that thing.  Chromium’s gonna nom nom that right up

 

SecurePi
http://hackaday.com/2016/09/30/lock-up-your-raspberry-pi-with-help-from-google/

  • This is neat and also not specific to Raspberry Pi
  • You can install the google-authenticator command with the libpam-google-authenticator package
  • Using the Googs for security… anyone see the irony in that? Bueller, Bueller?
  • Two-Factor Pi, yeah, no.
  • Telling newbie linux users to start messing around with PAM is a bad idea.   Maybe introduce them to NSSwitch first

Feedback

Lies
https://linuxgamecast.com/bradley/?uKT5EFT

Take a second to support Linux Game Cast on Patreon!
Tweet about this on TwitterShare on Google+Share on FacebookShare on TumblrShare on Reddit